{"record_type":"pith_number_record","schema_url":"https://pith.science/schemas/pith-number/v1.json","pith_number":"pith:2023:MDDSRA4ZDK4OCZOBSKZVLOCX42","short_pith_number":"pith:MDDSRA4Z","schema_version":"1.0","canonical_sha256":"60c72883991ab8e165c192b355b857e69b8dfc8fc21b4b8f04115823a1faad74","source":{"kind":"arxiv","id":"2311.08268","version":4},"attestation_state":"computed","paper":{"title":"A Wolf in Sheep's Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Dan Ma, Jiajun Chen, Jun Kuang, Peng Ding, Shujian Huang, Xuezhi Cao, Yunsen Xian","submitted_at":"2023-11-14T16:02:16Z","abstract_excerpt":"Large Language Models (LLMs), such as ChatGPT and GPT-4, are designed to provide useful and safe responses. However, adversarial prompts known as 'jailbreaks' can circumvent safeguards, leading LLMs to generate potentially harmful content. Exploring jailbreak prompts can help to better reveal the weaknesses of LLMs and further steer us to secure them. Unfortunately, existing jailbreak methods either suffer from intricate manual design or require optimization on other white-box models, which compromises either generalization or efficiency. In this paper, we generalize jailbreak prompt attacks i"},"verification_status":{"content_addressed":true,"pith_receipt":true,"author_attested":false,"weak_author_claims":0,"strong_author_claims":0,"externally_anchored":false,"storage_verified":false,"citation_signatures":0,"replication_records":0,"graph_snapshot":true,"references_resolved":false,"formal_links_present":false},"canonical_record":{"source":{"id":"2311.08268","kind":"arxiv","version":4},"metadata":{"license":"http://creativecommons.org/licenses/by/4.0/","primary_cat":"cs.CL","submitted_at":"2023-11-14T16:02:16Z","cross_cats_sorted":[],"title_canon_sha256":"2d3769c3953470a7661016b75c62eb8b2746967d8d399a5012ef3f9fcd2a3d70","abstract_canon_sha256":"a66302d8c7c10a3b16a18af457054cbc9dbba19cd65699d235d78e97c7c6affd"},"schema_version":"1.0"},"receipt":{"kind":"pith_receipt","key_id":"pith-v1-2026-05","algorithm":"ed25519","signed_at":"2026-07-05T08:05:05.058249Z","signature_b64":"IcIGoT5NTUIn+QZUiWUUuC8vJ0CssW9PoWTosAT9HtHRArSDc0xnCxEazMxtnAdEE0tyHRqVnMnLpvr1zClRAA==","signed_message":"canonical_sha256_bytes","builder_version":"pith-number-builder-2026-05-17-v1","receipt_version":"0.3","canonical_sha256":"60c72883991ab8e165c192b355b857e69b8dfc8fc21b4b8f04115823a1faad74","last_reissued_at":"2026-07-05T08:05:05.057777Z","signature_status":"signed_v1","first_computed_at":"2026-07-05T08:05:05.057777Z","public_key_fingerprint":"8d4b5ee74e4693bcd1df2446408b0d54"},"graph_snapshot":{"paper":{"title":"A Wolf in Sheep's Clothing: Generalized Nested Jailbreak Prompts can Fool Large Language Models Easily","license":"http://creativecommons.org/licenses/by/4.0/","headline":"","cross_cats":[],"primary_cat":"cs.CL","authors_text":"Dan Ma, Jiajun Chen, Jun Kuang, Peng Ding, Shujian Huang, Xuezhi Cao, Yunsen Xian","submitted_at":"2023-11-14T16:02:16Z","abstract_excerpt":"Large Language Models (LLMs), such as ChatGPT and GPT-4, are designed to provide useful and safe responses. However, adversarial prompts known as 'jailbreaks' can circumvent safeguards, leading LLMs to generate potentially harmful content. Exploring jailbreak prompts can help to better reveal the weaknesses of LLMs and further steer us to secure them. Unfortunately, existing jailbreak methods either suffer from intricate manual design or require optimization on other white-box models, which compromises either generalization or efficiency. In this paper, we generalize jailbreak prompt attacks i"},"claims":{"count":0,"items":[],"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"source":{"id":"2311.08268","kind":"arxiv","version":4},"verdict":{"id":null,"model_set":{},"created_at":null,"strongest_claim":"","one_line_summary":"","pipeline_version":null,"weakest_assumption":"","pith_extraction_headline":""},"integrity":{"clean":true,"summary":{"advisory":0,"critical":0,"by_detector":{},"informational":0},"endpoint":"/pith/2311.08268/integrity.json","findings":[],"available":true,"detectors_run":[],"snapshot_sha256":"c28c3603d3b5d939e8dc4c7e95fa8dfce3d595e45f758748cecf8e644a296938"},"references":{"count":0,"sample":[],"resolved_work":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57","internal_anchors":0},"formal_canon":{"evidence_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"author_claims":{"count":0,"strong_count":0,"snapshot_sha256":"258153158e38e3291e3d48162225fcdb2d5a3ed65a07baac614ab91432fd4f57"},"builder_version":"pith-number-builder-2026-05-17-v1"},"aliases":[{"alias_kind":"arxiv","alias_value":"2311.08268","created_at":"2026-07-05T08:05:05.057831+00:00"},{"alias_kind":"arxiv_version","alias_value":"2311.08268v4","created_at":"2026-07-05T08:05:05.057831+00:00"},{"alias_kind":"doi","alias_value":"10.48550/arxiv.2311.08268","created_at":"2026-07-05T08:05:05.057831+00:00"},{"alias_kind":"pith_short_12","alias_value":"MDDSRA4ZDK4O","created_at":"2026-07-05T08:05:05.057831+00:00"},{"alias_kind":"pith_short_16","alias_value":"MDDSRA4ZDK4OCZOB","created_at":"2026-07-05T08:05:05.057831+00:00"},{"alias_kind":"pith_short_8","alias_value":"MDDSRA4Z","created_at":"2026-07-05T08:05:05.057831+00:00"}],"events":[],"event_summary":{},"paper_claims":[],"inbound_citations":{"count":10,"internal_anchor_count":0,"sample":[{"citing_arxiv_id":"2606.25476","citing_title":"A Red Teaming Framework for Large Language Models: A Case Study on Faithfulness Evaluation","ref_index":54,"is_internal_anchor":false},{"citing_arxiv_id":"2606.05609","citing_title":"SlotGCG: Exploiting the Positional Vulnerability in LLMs for Jailbreak Attacks","ref_index":43,"is_internal_anchor":false},{"citing_arxiv_id":"2605.21674","citing_title":"Adversarial Reframing: A Framework for Targeted Generation in Language Models","ref_index":14,"is_internal_anchor":false},{"citing_arxiv_id":"2605.20654","citing_title":"REFLECTOR: Internalizing Step-wise Reflection against Indirect Jailbreak","ref_index":22,"is_internal_anchor":false},{"citing_arxiv_id":"2605.19485","citing_title":"Attention-Guided Reward for Reinforcement Learning-based Jailbreak against Large Reasoning Models","ref_index":6,"is_internal_anchor":false},{"citing_arxiv_id":"2510.08592","citing_title":"Less Diverse, Less Safe: The Indirect But Pervasive Risk of Test-Time Scaling in Large Language Models","ref_index":18,"is_internal_anchor":false},{"citing_arxiv_id":"2510.10073","citing_title":"SecureWebArena: A Holistic Security Evaluation Benchmark for LVLM-based Web Agents","ref_index":7,"is_internal_anchor":false},{"citing_arxiv_id":"2511.02356","citing_title":"ASTRA: An Automated Framework for Strategy Discovery, Retrieval, and Evolution for Jailbreaking LLMs","ref_index":11,"is_internal_anchor":false},{"citing_arxiv_id":"2407.04295","citing_title":"Jailbreak Attacks and Defenses Against Large Language Models: A Survey","ref_index":22,"is_internal_anchor":false},{"citing_arxiv_id":"2605.00236","citing_title":"Attention Is Where You Attack","ref_index":5,"is_internal_anchor":false}]},"formal_canon":{"evidence_count":0,"sample":[],"anchors":[]},"links":{"html":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42","json":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42.json","graph_json":"https://pith.science/api/pith-number/MDDSRA4ZDK4OCZOBSKZVLOCX42/graph.json","events_json":"https://pith.science/api/pith-number/MDDSRA4ZDK4OCZOBSKZVLOCX42/events.json","paper":"https://pith.science/paper/MDDSRA4Z"},"agent_actions":{"view_html":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42","download_json":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42.json","view_paper":"https://pith.science/paper/MDDSRA4Z","resolve_alias":"https://pith.science/api/pith-number/resolve?arxiv=2311.08268&json=true","fetch_graph":"https://pith.science/api/pith-number/MDDSRA4ZDK4OCZOBSKZVLOCX42/graph.json","fetch_events":"https://pith.science/api/pith-number/MDDSRA4ZDK4OCZOBSKZVLOCX42/events.json","actions":{"anchor_timestamp":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42/action/timestamp_anchor","attest_storage":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42/action/storage_attestation","attest_author":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42/action/author_attestation","sign_citation":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42/action/citation_signature","submit_replication":"https://pith.science/pith/MDDSRA4ZDK4OCZOBSKZVLOCX42/action/replication_record"}},"created_at":"2026-07-05T08:05:05.057831+00:00","updated_at":"2026-07-05T08:05:05.057831+00:00"}